1

Let's say, I have a project that has 8 pods(services). I understand that authentication and authorization are covered in Istio Gateway using jwt. So that every request is verified. But users with different roles ex: [teacher, student, staff] need to have an endpoint to signup/signin/logout with username and password. Is there a way that Istio Gateway handles user creation saving it to db and generating jwt? Or do I have to make another Pod(service) dedicated to Auth and generate jwt from this pod? If so, how can I still set up jwt verification right from the gateway?

Thank you for taking time and reading this)

coolisuz
  • 13
  • 2

1 Answers1

0

Is there a way that Istio Gateway handles user creation saving it to db and generating jwt?

No, to do this, you need to create an Authentication micro-service (application) that generates the token.

Istio takes care of the task of validating the JWT tokens in the incoming user requests. So if you implement Istio JWT authentication feature, your application code doesn’t need to bother about the JWT token validation. Istio will do it for you. Not JWT token generation. Istio will not generate the tokens for you. This should be done by Authentication micro-service. Istio will check if the JWT is valid or not.

Here you can find step by step guide, how Istio and JWT for Micro-Services Authentication works. There you will find also many JWT-based authorization schemes.

See also:

  • Hello @SaidjamolIkramov and welcome to ServerFault! Please remember to [react to answers for your questions](https://stackoverflow.com/help/someone-answers). That way we know if the answers were helpful and other community members could also benefit from them. Try to [accept answer](https://stackoverflow.com/help/accepted-answer) that is the final solution for your issue, upvote answers that are helpful and comment on those which could be improved or require additional attention. Enjoy your stay! – Wytrzymały Wiktor Jun 07 '21 at 11:25